NtPrivilegeObjectAuditAlarm - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTSEAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegeObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted
    );

#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwPrivilegeObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted
    );

#endif

View code on GitHub

Function NtPrivilegeObjectAuditAlarm doesn't work, as the most of other auditing functions...

SubsystemName

???

ObjectHandle

This can be any value.

ClientToken

HANDLE to Token Object opened with TOKEN_QUERY access.

DesiredAccess

???

ClientPrivileges

Pointer to PRIVILEGE_SET structure filled with valid data.

AccessGranted

???

Documented by

Requirements

Privilege: SE_AUDIT_PRIVILEGE

See also

Edit description on GitHub